Affonso

Privacy Policy

Privacy Policy

Introduction

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or use the services provided by Affonso (https://affonso.io) operated by ZASolution ("Company", "we", "us", and/or "our"). We respect your privacy and are committed to protecting your personal data.

This Privacy Policy applies to all information collected through our website, affiliate and referral tracking software, and any related services, sales, marketing, or events (collectively, the "Services"). By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Services.

Affonso is an affiliate and referral tracking software built to help SaaS and app businesses launch and manage their own affiliate programs. To provide and improve these Services, we collect and process certain types of information. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of your information.

Information Collection and Use

Personal Information You Provide

When you register for our Services or interact with our platform, you may provide us with certain personally identifiable information that can be used to contact or identify you. This information may include, but is not limited to:

When you create an account with Affonso, we collect information such as your name, email address, company name, and website URL. If you choose to use our paid services, our payment processor Stripe will collect billing information necessary to process your payments. We never directly store your complete payment information on our servers.

Throughout your use of our Services, you may also provide additional information when you communicate with our support team, respond to surveys, or interact with our marketing materials.

Automatically Collected Information

When you visit our website or use our Services, we automatically collect certain information about your device and how you interact with our platform. This information is collected using cookies and similar tracking technologies.

The information we automatically collect includes:

  • Technical information about your device, including IP address, browser type and version, time zone setting, and operating system
  • Information about your visits to our website, including the full URL clickstream to, through, and from our site
  • Your usage patterns within our Services, including features accessed and time spent on various pages

This information helps us understand how our Services are used, allows us to optimize the user experience, and enables us to provide better support when needed.

Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR. For contract performance under Article 6(1)(b) GDPR, we process data necessary for account management, service provision, payment processing, and fulfilling our contractual obligations to you. Under our legitimate interest pursuant to Article 6(1)(f) GDPR, we conduct analytics, security monitoring, fraud prevention, and service improvement activities where our legitimate interests do not override your fundamental privacy rights. Where we have obtained your explicit consent under Article 6(1)(a) GDPR, we process data for marketing communications, optional analytics, and non-essential cookies. Finally, we process certain data to comply with legal obligations under Article 6(1)(c) GDPR, including maintaining tax records and meeting regulatory requirements.

How We Track and Protect Referral Data

Referral Data Collection

Our affiliate and referral tracking system is designed to provide precise insights while maintaining the highest standards of data privacy and security. Here's how our tracking system operates:

When a visitor accesses our customers' websites through an affiliate link, our system activates through our JavaScript integration (Affonso.js). This script creates a unique click identifier that is stored in the affonso_referral cookie on the visitor's browser. This cookie is domain-specific, meaning it is only accessible on the customer's website where it was created, ensuring data privacy and preventing cross-site tracking.

For conversion tracking, we process events through secure webhooks from payment providers (such as Stripe) for events associated with referred users. This includes tracking of payments, subscriptions, refunds, and other conversion events that are essential for accurate commission calculations.

Data Usage and Access Control

The referral data we collect is used exclusively for:

  • Calculating and tracking affiliate commissions
  • Analyzing and reporting on referral campaign performance
  • Optimizing our customers' affiliate programs

Access to referral data is strictly controlled:

  • Program administrators have access to comprehensive program data
  • Individual affiliates can only access their own performance metrics
  • Referral email addresses are redacted where appropriate
  • We never sell or share referral data with third parties

Data Processing on Behalf of Customers

When you use Affonso to track affiliate referrals on your website, we act as a data processor on your behalf under Article 28 GDPR. In this capacity, we process personal data of your website visitors and affiliates strictly according to your instructions and our Data Processing Agreement. You remain the data controller and are responsible for ensuring lawful processing, obtaining necessary consents, and handling data subject rights. Our role as processor is governed by our comprehensive Data Processing Agreement, which details all technical and organizational measures, sub-processor arrangements, and data security protocols. This agreement forms an integral part of our service provision and is available at https://affonso.io/legal/dpa.

Third-Party Website Integration

When our tracking technology is embedded on customer websites, the respective website operator serving as our customer is solely responsible for compliance with all applicable data protection requirements. This responsibility encompasses obtaining proper user consent, implementing appropriate privacy notices, ensuring lawful processing of personal data, and maintaining adequate records of processing activities. While we provide technical tools and features designed to support compliance efforts, we cannot and do not guarantee legal compliance without proper implementation by the website operator. The website operator must ensure that all necessary legal bases are established before activating our tracking functionality and must handle all data subject requests related to the tracking data processed through our platform.

Use of Cookies and Tracking Technologies

We use cookies and similar tracking technologies to monitor and improve our Services. A cookie is a small text file that is placed on your device when you visit our website. We use the following types of cookies:

Essential Cookies

The affonso_referral cookie is essential for our affiliate tracking functionality. This cookie can be configured to match your specific privacy requirements and can be integrated with your existing cookie consent mechanisms to ensure GDPR compliance. Customers can customize the duration of this cookie to align with their business needs and compliance requirements.

Analytics Cookies

We use Google Analytics to understand how visitors interact with our website. These cookies collect information about your browsing behavior in an anonymized form.

Marketing Cookies

We use cookies from marketing platforms like Meta Pixel and Google Ads to deliver more relevant advertisements and measure their effectiveness.

Data Sharing and Third-Party Services

We share your information with trusted third-party service providers who assist us in operating our website, conducting our business, or providing services to you. All service providers are contractually obligated to use your information only for the purposes specified by us and in accordance with this Privacy Policy. We work with the following types of service providers:

Payment Processing

We use Stripe to process all payments. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information.

Analytics Services

We use Google Analytics to understand how our Services are used. These services receive anonymized data about your interactions with our platform.

Marketing Services

We work with advertising partners to deliver relevant advertisements to users who may be interested in our Services. These partners may use cookies and similar technologies to collect information about your interactions with our website.

Service Providers and Sub-Processors

We work with carefully selected third-party service providers to deliver our services effectively and securely. When acting as a data processor for our customers, the complete list of sub-processors and their specific roles is detailed in our Data Processing Agreement at https://affonso.io/legal/dpa. For our own platform operations, we use similar infrastructure and service providers, all of which are contractually bound to maintain appropriate data protection standards and process data only as instructed by us.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information. These measures include:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Regular security audits and vulnerability assessments
  • Strict access controls and authentication requirements for our staff
  • Regular backup procedures and disaster recovery planning
  • Server infrastructure located in secure facilities in Frankfurt, Germany

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Data Retention Periods

We retain personal data for periods appropriate to the purpose of processing and in accordance with applicable legal requirements. Customer account data is retained for the duration of our service relationship and thereafter as required by applicable law, including tax and commercial obligations.

Referral tracking and analytics data forms the core of our service offering and is retained for the duration of our service relationship to provide ongoing affiliate program analytics, commission calculations, and performance reporting to our customers. This data is essential for the proper functioning of affiliate programs and commission tracking over time. Users can export their affiliate data at any time through our platform.

Other data categories such as support communications, marketing data, and security logs are retained for periods necessary to fulfill their respective purposes and legal obligations. Upon termination of services, data will be deleted in accordance with our standard retention schedules, applicable legal requirements, and legitimate business needs.

Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. These rights include:

  • The right to access, update, or delete your personal information
  • The right to rectification if your information is inaccurate or incomplete
  • The right to object to our processing of your personal data
  • The right to request restriction of processing your personal data
  • The right to data portability
  • The right to withdraw consent where we rely on consent as the legal basis for processing

To exercise any of these rights, please contact us using the information provided at the end of this policy.

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA). These rights include:

  • The right to know what personal information we collect about you
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of your personal information
  • The right to non-discrimination for exercising your CCPA rights

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Last Updated" date at the top of this policy and notify you through the Services or via email for significant changes.

Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: hello@affonso.io Address: ZASolution, c/o Block Services, Stuttgarter Str. 106, 70736 Fellbach, Germany

Last modified: October 26, 2024